The urge to prioritize compliance is understandable; after all, a breach may happen, but an audit will happen. A focus on avoiding penalties, a misunderstanding of the purpose of regulations and the tendency to meet the bare minimum requirements are all signifiers of a compliance-first approach. None of them deliver real security.
Jon Collins’ in-depth look at tech and society
Phil Muncaster reports on China and beyond